AWS CodeConnections (codeconnections)

Additions

Actions

• CreateConnection
  
  • Description:  Grants permission to create a Connection resource
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    codeconnections:ProviderType

• CreateHost
  
  • Description:  Grants permission to create a host resource
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    codeconnections:ProviderType

• CreateRepositoryLink
  
  • Description:  Grants permission to create a repository link
  • Access:  Write
  • Resources: 

    Name: Connection

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    codeconnections:PassConnection

    codeconnections:UseConnection

• CreateSyncConfiguration
  
  • Description:  Grants permission to create a template sync config
  • Access:  Write
  • Resources: 

    Name: RepositoryLink

    Required: Yes

  • Conditions: 

    codeconnections:Branch

  • Dependents: 

    codeconnections:PassRepository

    iam:PassRole

• DeleteConnection
  
  • Description:  Grants permission to delete a Connection resource
  • Access:  Write
  • Resources: 

    Name: Connection

    Required: Yes

• DeleteHost
  
  • Description:  Grants permission to delete a host resource
  • Access:  Write
  • Resources: 

    Name: Host

    Required: Yes

• DeleteRepositoryLink
  
  • Description:  Grants permission to delete a repository link
  • Access:  Write
  • Resources: 

    Name: RepositoryLink

    Required: Yes

• DeleteSyncConfiguration
  
  • Description:  Grants permission to delete a sync configuration
  • Access:  Write
• GetConnection
  
  • Description:  Grants permission to get details about a Connection resource
  • Access:  Read
  • Resources: 

    Name: Connection

    Required: Yes

• GetHost
  
  • Description:  Grants permission to get details about a host resource
  • Access:  Read
  • Resources: 

    Name: Host

    Required: Yes

• GetIndividualAccessToken
  
  • Description:  Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection
  • Access:  Read
  • Conditions: 

    codeconnections:ProviderType

  • Dependents: 

    codeconnections:StartOAuthHandshake

• GetInstallationUrl
  
  • Description:  Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection
  • Access:  Read
  • Conditions: 

    codeconnections:ProviderType

• GetRepositoryLink
  
  • Description:  Grants permission to describe a repository link
  • Access:  Read
  • Resources: 

    Name: RepositoryLink

    Required: Yes

• GetRepositorySyncStatus
  
  • Description:  Grants permission to get the latest sync status for a repository
  • Access:  Read
  • Resources: 

    Name: RepositoryLink

    Required: Yes

  • Conditions: 

    codeconnections:Branch

• GetResourceSyncStatus
  
  • Description:  Grants permission to get the latest sync status for a resource (cfn stack or other resources)
  • Access:  Read
• GetSyncBlockerSummary
  
  • Description:  Grants permission to describe service sync blockers on a resource (cfn stack or other resources)
  • Access:  Read
• GetSyncConfiguration
  
  • Description:  Grants permission to describe a sync configuration
  • Access:  Read
• ListConnections
  
  • Description:  Grants permission to list Connection resources
  • Access:  List
  • Resources: 

    Name: Connection

    Required: Yes

  • Conditions: 

    codeconnections:ProviderTypeFilter

• ListHosts
  
  • Description:  Grants permission to list host resources
  • Access:  List
  • Conditions: 

    codeconnections:ProviderTypeFilter

• ListInstallationTargets
  
  • Description:  Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection
  • Access:  List
  • Dependents: 

    codeconnections:GetIndividualAccessToken

    codeconnections:StartOAuthHandshake

• ListRepositoryLinks
  
  • Description:  Grants permission to list repository links
  • Access:  List
• ListRepositorySyncDefinitions
  
  • Description:  Grants permission to list repository sync definitions
  • Access:  List
• ListSyncConfigurations
  
  • Description:  Grants permission to list sync configurations for a repository link
  • Access:  List
• ListTagsForResource
  
  • Description:  Grants permission to the set of key-value pairs that are used to manage the resource
  • Access:  List
  • Resources: 

    Name: Connection

    Required: No

    Name: Host

    Required: No

    Name: RepositoryLink

    Required: No

• PassConnection
  
  • Description:  Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline
  • Access:  Read
  • Resources: 

    Name: Connection

    Required: Yes

  • Conditions: 

    codeconnections:PassedToService

• PassRepository
  
  • Description:  Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codeconnections:CreateSyncConfiguration
  • Access:  Read
  • Resources: 

    Name: RepositoryLink

    Required: Yes

  • Conditions: 

    codeconnections:PassedToService

• RegisterAppCode
  
  • Description:  Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host
  • Access:  Read
  • Conditions: 

    codeconnections:HostArn

• StartAppRegistrationHandshake
  
  • Description:  Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host
  • Access:  Read
  • Conditions: 

    codeconnections:HostArn

• StartOAuthHandshake
  
  • Description:  Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection
  • Access:  Read
  • Conditions: 

    codeconnections:ProviderType

• TagResource
  
  • Description:  Grants permission to add or modify the tags of the given resource
  • Access:  Tagging
  • Resources: 

    Name: Connection

    Required: No

    Name: Host

    Required: No

    Name: RepositoryLink

    Required: No

  • Conditions: 

    aws:TagKeys

    aws:RequestTag/${TagKey}

• UntagResource
  
  • Description:  Grants permission to remove tags from an AWS resource
  • Access:  Tagging
  • Resources: 

    Name: Connection

    Required: No

    Name: Host

    Required: No

    Name: RepositoryLink

    Required: No

  • Conditions: 

    aws:TagKeys

• UpdateConnectionInstallation
  
  • Description:  Grants permission to update a Connection resource with an installation of the CodeStar Connections App
  • Access:  Write
  • Resources: 

    Name: Connection

    Required: Yes

  • Conditions: 

    codeconnections:InstallationId

  • Dependents: 

    codeconnections:GetIndividualAccessToken

    codeconnections:GetInstallationUrl

    codeconnections:ListInstallationTargets

    codeconnections:StartOAuthHandshake

• UpdateHost
  
  • Description:  Grants permission to update a host resource
  • Access:  Write
  • Resources: 

    Name: Host

    Required: Yes

• UpdateRepositoryLink
  
  • Description:  Grants permission to update a repository link
  • Access:  Write
  • Resources: 

    Name: RepositoryLink

    Required: Yes

• UpdateSyncBlocker
  
  • Description:  Grants permission to update a sync blocker for a resource (cfn stack or other resources)
  • Access:  Write
• UpdateSyncConfiguration
  
  • Description:  Grants permission to update a sync configuration
  • Access:  Write
  • Conditions: 

    codeconnections:Branch

• UseConnection
  
  • Description:  Grants permission to use a Connection resource to call provider actions
  • Access:  Read
  • Resources: 

    Name: Connection

    Required: Yes

  • Conditions: 

    codeconnections:BranchName

    codeconnections:FullRepositoryId

    codeconnections:OwnerId

    codeconnections:ProviderAction

    codeconnections:ProviderPermissionsRequired

    codeconnections:RepositoryName

Resources

• Connection
  
  • Arn:  arn:${Partition}:codeconnections:${Region}:${Account}:connection/${ConnectionId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• Host
  
  • Arn:  arn:${Partition}:codeconnections:${Region}:${Account}:host/${HostId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• RepositoryLink
  
  • Arn:  arn:${Partition}:codeconnections:${Region}:${Account}:repository-link/${RepositoryLinkId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Conditions

• aws:RequestTag/${TagKey}
  
  • Description:  Filters access by the tags that are passed in the request
  • Type:  String
• aws:ResourceTag/${TagKey}
  
  • Description:  Filters access by the tags associated with the resource
  • Type:  String
• aws:TagKeys
  
  • Description:  Filters access by the tag keys that are passed in the request
  • Type:  ArrayOfString
• codeconnections:Branch
  
  • Description:  Filters access by the branch name that is passed in the request
  • Type:  String
• codeconnections:BranchName
  
  • Description:  Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch
  • Type:  String
• codeconnections:FullRepositoryId
  
  • Description:  Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository
  • Type:  String
• codeconnections:HostArn
  
  • Description:  Filters access by the host resource associated with the connection used in the request
  • Type:  ARN
• codeconnections:InstallationId
  
  • Description:  Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeConnections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection
  • Type:  String
• codeconnections:OwnerId
  
  • Description:  Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user
  • Type:  String
• codeconnections:PassedToService
  
  • Description:  Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink
  • Type:  String
• codeconnections:ProviderAction
  
  • Description:  Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values
  • Type:  ArrayOfString
• codeconnections:ProviderPermissionsRequired
  
  • Description:  Filters access by the write permissions of a provider action in a UseConnection request. Valid types include read_only and read_write
  • Type:  String
• codeconnections:ProviderType
  
  • Description:  Filters access by the type of third-party provider passed in the request
  • Type:  String
• codeconnections:ProviderTypeFilter
  
  • Description:  Filters access by the type of third-party provider used to filter results
  • Type:  String
• codeconnections:RepositoryName
  
  • Description:  Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user
  • Type:  String